Grafana is validating Azure AD accounts based on the email claim. On Azure AD, the profile email field is not unique and can be easily modified. This leads to account takeover and authentication bypass when Azure AD OAuth is configured with a multi-tenant app.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:LGrafana
APPGrafana6.7.0 – 8.5.27 (bez)9.2.0 – 9.2.20 (bez)9.3.0 – 9.3.16 (bez)9.4.0 – 9.4.13 (bez)9.5.0 – 9.5.4 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Auth Bypass
References
Related vulnerabilities
CVE-2021-39226CRITICAL9.8⚠ KEVten sam produkt
Grafana is an open source data visualization platform. In affected versions unauthenticated and authenticated ...
CVE-2026-27876CRITICAL9.1PL ✓ten sam produkt
RCE w Grafana przez SQL Expressions i plugin Enterprise (CVE-2026-27876)
CVE-2025-41115CRITICAL10.0PL ✓ten sam produkt
Grafana Enterprise: privilege escalation przez SCIM provisioning (LPE)
CVE-2024-9264CRITICAL9.4PL ✓ten sam produkt
Grafana: command injection i local file inclusion przez SQL Expressions (duckdb)
CVE-2022-39328CRITICAL9.8ten sam produkt
Grafana is an open-source platform for monitoring and observability. Versions starting with 9.2.0 and less tha...